Azure Kubernetes Service · Arazzo Workflow

Azure Kubernetes Service Provision Cluster and Fetch Credentials

Version 1.0.0

Create a managed AKS cluster, poll until it is provisioned, then retrieve admin kubeconfig.


Provider

azure-kubernetes-service

Workflows

provision-cluster-and-fetch-credentials
Create an AKS managed cluster, wait for it to finish provisioning, and pull admin credentials.
Issues a ManagedClusters_CreateOrUpdate, then loops on ManagedClusters_Get until provisioningState is Succeeded, and finally calls ManagedClusters_ListClusterAdminCredentials to obtain the kubeconfig.
3 steps
inputs: accessToken, apiVersion, dnsPrefix, kubernetesVersion, location, nodeCount, resourceGroupName, resourceName, subscriptionId, vmSize
outputs: clusterId, fqdn, kubeconfig, provisioningState

1. createCluster (ManagedClusters_CreateOrUpdate)
Submit a managed cluster create-or-update request. ARM wraps cluster configuration under a properties object and returns 201 Created for an asynchronous provision.

2. pollCluster (ManagedClusters_Get)
Read the cluster and inspect provisioningState. While the cluster is still Creating the flow loops back to this step; once it reports Succeeded the flow advances to retrieve credentials.

3. listAdminCredentials (ManagedClusters_ListClusterAdminCredentials)
List the cluster admin credentials. The response carries a kubeconfigs array whose first entry holds the base64-encoded kubeconfig for the new cluster.
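
An added example (not part of the workflow spec or the provider's code) of what a runner executing these three steps has to get right: stop polling on a terminal failure or a timeout, and store the decoded admin kubeconfig with owner-only permissions. The function names, the 1800-second timeout and the sample responses are assumptions constructed for illustration.

```python
import base64
import os
import stat
import tempfile

# ARM provisioningState values that end an asynchronous operation unsuccessfully.
TERMINAL_FAILURES = {"Failed", "Canceled"}


def next_action(cluster: dict, elapsed_s: float, timeout_s: float = 1800) -> str:
    """Decide what to do after one ManagedClusters_Get response."""
    state = cluster.get("properties", {}).get("provisioningState")
    if state == "Succeeded":
        return "fetch_credentials"
    if state in TERMINAL_FAILURES or state is None:
        return "abort"  # never loop on a state that cannot progress
    if elapsed_s >= timeout_s:
        return "abort"  # bound the loop; the timeout value is an assumption
    return "poll"


def save_kubeconfig(credentials: dict, path: str) -> str:
    """Decode kubeconfigs[0].value and write it readable by the owner only."""
    entries = credentials.get("kubeconfigs") or []
    if not entries:
        raise ValueError("response carries no kubeconfigs entry")
    raw = base64.b64decode(entries[0]["value"], validate=True)
    # O_EXCL refuses to overwrite an existing file; 0o600 = owner read/write.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(raw)
    return path


def demo() -> tuple:
    # Constructed sample responses, not real cluster data.
    sample_yaml = b"apiVersion: v1\nkind: Config\nclusters: []\n"
    creds = {"kubeconfigs": [{"name": "clusterAdmin",
                              "value": base64.b64encode(sample_yaml).decode()}]}
    actions = [next_action({"properties": {"provisioningState": s}}, 60)
               for s in ("Creating", "Succeeded", "Failed")]
    with tempfile.TemporaryDirectory() as tmp:
        path = save_kubeconfig(creds, os.path.join(tmp, "kubeconfig"))
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, "rb") as fh:
            return actions, mode, fh.read() == sample_yaml


if __name__ == "__main__":
    print(demo())
```

The decoded kubeconfig grants cluster-admin access, so it is written to disk once with restrictive permissions and never printed or logged.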

Arazzo Workflow Specification

azure-kubernetes-service-provision-cluster-workflow.yml
arazzo: 1.0.1
info:
  title: Azure Kubernetes Service Provision Cluster and Fetch Credentials
  summary: Create a managed AKS cluster, poll until it is provisioned, then retrieve admin kubeconfig.
  description: >-
    Drives the canonical day-one AKS flow: submit a managed cluster create
    request, poll the cluster Get endpoint until its provisioningState reports
    Succeeded (branching back to keep polling while it is still Creating), and
    then list the cluster admin credentials so the resulting kubeconfig can be
    used to connect to the new cluster. Every step inlines its request so the
    flow can be read and executed without opening the underlying OpenAPI
    description.
  version: 1.0.0
sourceDescriptions:
- name: aksApi
  url: ../openapi/azure-kubernetes-service-openapi.yml
  type: openapi
workflows:
- workflowId: provision-cluster-and-fetch-credentials
  summary: Create an AKS managed cluster, wait for it to finish provisioning, and pull admin credentials.
  description: >-
    Issues a ManagedClusters_CreateOrUpdate, then loops on ManagedClusters_Get
    until provisioningState is Succeeded, and finally calls
    ManagedClusters_ListClusterAdminCredentials to obtain the kubeconfig.
  inputs:
    type: object
    required:
    - subscriptionId
    - resourceGroupName
    - resourceName
    - location
    - accessToken
    properties:
      subscriptionId:
        type: string
        description: The ID of the target subscription (valid UUID).
      resourceGroupName:
        type: string
        description: The name of the resource group.
      resourceName:
        type: string
        description: The name of the managed cluster to create.
      location:
        type: string
        description: The Azure region for the cluster (e.g. eastus).
      apiVersion:
        type: string
        description: The AKS REST API version to use.
        default: '2025-10-01'
      dnsPrefix:
        type: string
        description: The DNS prefix for the cluster API server.
        default: aks
      kubernetesVersion:
        type: string
        description: The Kubernetes version to deploy.
        default: '1.30'
      nodeCount:
        type: integer
        description: The initial node count for the default system pool.
        default: 3
      vmSize:
        type: string
        description: The VM size for the default system pool nodes.
        default: Standard_DS2_v2
      accessToken:
        type: string
        description: An Azure AD bearer token with user_impersonation scope.
  steps:
  - stepId: createCluster
    description: >-
      Submit a managed cluster create-or-update request. ARM wraps cluster
      configuration under a properties object and returns 201 Created for an
      asynchronous provision.
    operationId: ManagedClusters_CreateOrUpdate
    parameters:
    - name: subscriptionId
      in: path
      value: $inputs.subscriptionId
    - name: resourceGroupName
      in: path
      value: $inputs.resourceGroupName
    - name: resourceName
      in: path
      value: $inputs.resourceName
    - name: api-version
      in: query
      value: $inputs.apiVersion
    - name: Authorization
      in: header
      value: "Bearer {$inputs.accessToken}"
    requestBody:
      contentType: application/json
      payload:
        location: $inputs.location
        properties:
          dnsPrefix: $inputs.dnsPrefix
          kubernetesVersion: $inputs.kubernetesVersion
          agentPoolProfiles:
          - name: systempool
            count: $inputs.nodeCount
            vmSize: $inputs.vmSize
            osType: Linux
            mode: System
    successCriteria:
    - condition: $statusCode == 201
    outputs:
      clusterId: $response.body#/id
      provisioningState: $response.body#/properties/provisioningState
  - stepId: pollCluster
    description: >-
      Read the cluster and inspect provisioningState. While the cluster is still
      Creating the flow loops back to this step; once it reports Succeeded the
      flow advances to retrieve credentials.
    operationId: ManagedClusters_Get
    parameters:
    - name: subscriptionId
      in: path
      value: $inputs.subscriptionId
    - name: resourceGroupName
      in: path
      value: $inputs.resourceGroupName
    - name: resourceName
      in: path
      value: $inputs.resourceName
    - name: api-version
      in: query
      value: $inputs.apiVersion
    - name: Authorization
      in: header
      value: "Bearer {$inputs.accessToken}"
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      provisioningState: $response.body#/properties/provisioningState
      fqdn: $response.body#/properties/fqdn
    onSuccess:
    - name: clusterReady
      type: goto
      stepId: listAdminCredentials
      criteria:
      - context: $response.body
        condition: $.properties.provisioningState == "Succeeded"
        type: jsonpath
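    # Stop on terminal failure states instead of polling forever.
    - name: provisioningFailed
      type: end
      criteria:
      - context: $response.body
        condition: $.properties.provisioningState == "Failed"
        type: jsonpath
    - name: provisioningCanceled
      type: end
      criteria:
      - context: $response.body
        condition: $.properties.provisioningState == "Canceled"
        type: jsonpath
    - name: keepPolling
      type: goto
      stepId: pollCluster
      criteria:
      - context: $response.body
        condition: $.properties.provisioningState != "Succeeded"
        type: jsonpath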
  - stepId: listAdminCredentials
    description: >-
      List the cluster admin credentials. The response carries a kubeconfigs
      array whose first entry holds the base64-encoded kubeconfig for the new
      cluster.
    operationId: ManagedClusters_ListClusterAdminCredentials
    parameters:
    - name: subscriptionId
      in: path
      value: $inputs.subscriptionId
    - name: resourceGroupName
      in: path
      value: $inputs.resourceGroupName
    - name: resourceName
      in: path
      value: $inputs.resourceName
    - name: api-version
      in: query
      value: $inputs.apiVersion
    - name: Authorization
      in: header
      value: "Bearer {$inputs.accessToken}"
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      kubeconfigName: $response.body#/kubeconfigs/0/name
      kubeconfig: $response.body#/kubeconfigs/0/value
  outputs:
    clusterId: $steps.createCluster.outputs.clusterId
    provisioningState: $steps.pollCluster.outputs.provisioningState
    fqdn: $steps.pollCluster.outputs.fqdn
    kubeconfig: $steps.listAdminCredentials.outputs.kubeconfig